Malicious code in sap-addfolder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis af86db537f55f314e21a8c060650c331e5118a713a19e91daf36df8b5348b5ab The OpenSSF Package Analysis project identified 'sap-addfolder' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

persists-addfolder.txt

I took a shot at writing an exploit for this, so here goes. Choice of WinExecthe calculator, what else? or a bindshell. ------------------------------- Persits Software XUpload Control AddFolder BoF Exploit function Check var buf = 'A'; while buf.length = 1387 buf = buf + 'A'; // win32exec -...

Persits Software XUpload Control - AddFolder() Remote Buffer Overflow

Persits Software XUpload Control - AddFolder Remote Buffer Overflow Persits Software XUpload Control AddFolder BoF Exploit function Check var buf = 'A'; while buf.length = 1387 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2...

Persits Software XUpload Control - 'AddFolder()' Remote Buffer Overflow

Persits Software XUpload Control AddFolder BoF Exploit function Check var buf = 'A'; while buf.length = 1387 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 =...

Buffer overflow

Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function...

Groove Virtual Office XUpload ActiveX控件缓冲区溢出漏洞

Groove Virtual Office是一款协同办公处理文档的应用程序。 Groove Virtual Office包含的XUpload ActiveX控件存在缓冲区溢出，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 XUpload ActiveX控件对"AddFolder"方法缺少正确的边界错误，构建恶意的WEB页，诱使用户访问，可触发缓冲区溢出，精心构建提交数据可能以应用程序进程权限执行任意指令。 Groove Virtual Office 3.x Office Groove 2007不受此漏洞影响：...

Design/Logic Flaw

The 1 addfolder and 2 deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled...

CVE-2006-0711

The 1 addfolder and 2 deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled...